Design-partner program · seed stage

Prevention, not detection. The financial control plane for AI agents.

Tarmac sits between your agents and the compute they consume, holds the budget, and enforces it before money is spent. Per-run, monthly, and yearly caps as hard limits — atomic authorization holds, modeled on a card network. No more month-end surprises.

// Live authorization ledger Live

Monthly budget $184,200 / $250,000 11 days left · pace 92%

$0$125K$250K · cap

✓support-triageP0$0.34admit · L

✓revenue-opsP0$1.92admit · XL

▽code-refactorP2~~$4.10~~$1.20throttle · M

✓data-pipeline-euP1$2.65admit · L

✕research-crawlerP3$3.85hold · over-cap

✓eval-harnessP2$0.92admit · M

admit throttle hold 2,141 holds/min · 0 breaches

// 01 · The problem

Autonomous agents now spend money without a real-time check. Finance sees the bill after it lands.

Coding, research, monitoring and data-pipeline agents already hold real budgets. Today's tools observe, alert and throttle — none of them prevent a breach. The pain is industry-wide and compounding faster than any adjacent vendor is moving to govern it.

// Median enterprise · monthly LLM bill · YoY into 2026

7.2×

Year-over-year growth in the median enterprise's monthly LLM spend — outpacing every other line item in the cloud bill, with no governance layer in front of it.

FinOps Foundation · 2026 State of FinOps for AI

Cost compounds with autonomy.

A single multi-step agentic decision cycle can cost three orders of magnitude more than a simple call. Every new tool, every retry, multiplies the bill.

Simple LLM call~$0.001

Tool-augmented response$0.02–0.08

Multi-step agentic decision cycle$0.10–$1.00

// 02 · How it works

Tarmac admits, decides, enforces, settles — like a card network for compute.

Every run is gated through an atomic authorization hold against the per-run, monthly, and yearly caps. If it doesn't fit, it doesn't run. If it fits, Tarmac picks the heaviest model the live price and remaining budget allow.

01 / Onboard

Set budgets and priority.

Define a per-run max, monthly and yearly caps. Each agent carries a description and a priority tier — revenue-critical work is protected over nice-to-have work.

caps · tiers

02 / Watch

Track live price & burn.

The Compute Price Signal continuously aggregates model and GPU pricing. The ledger keeps remaining budget to the cent, across every concurrent run.

price · burn

03 / Decide

Pick the model tier.

For every run, Tarmac selects the heaviest model that the live price and remaining budget allow — lighter to protect the budget, heavier when there's room.

tier · S→XL

04 / Enforce

Apply, hold, or drop.

An atomic authorization hold is placed before the call is admitted. Over-cap runs are throttled to a lighter tier — or held entirely if no tier fits.

admit · hold

05 / Report

Attribute every dollar.

One reconciled ledger powers a live ops view and a finance-grade set of books: statements, itemized receipts, attribution and burn-rate projection.

books · close

// 03 · Two reconciled surfaces

One ledger. Two views. Built for two buyers at once.

The platform leader gets a live control room. The CFO gets a managed budget with statements and forecast. Both views read from the same enforced ledger — never out of sync, never reconciled by hand.

// Surface 01 For platform & AI-infra leaders

Agent Operations Dashboard.

A live control room over the entire fleet. Watch admits and holds in real time, rebalance by priority before a cap is breached, and ship without fear of the bill.

Fleet view by agent, priority tier, and laneEvery agent's burn, hold rate, and active tier at a glance.
Priority-aware automatic rebalancingTighten budgets shed P3 work first; P0 keeps full tier.
Per-agent rules & soft alertsCatch drift before it becomes a hold spike.

tarmac · ops · fleet

Admit rate · 24h

96.4%

Held over-cap

312runs

Fleet · 8 agents · priority-tier status

support-triage · P0

revenue-ops · P0

code-refactor · P2

research-crawler · P3

// Surface 02 For the CFO & finance

Financial Console.

AI compute spend that finally behaves like a managed budget. Monthly statements, itemized receipts, clean attribution to team and agent, and a burn-rate projection that doesn't move at month-end.

Period statements with full attributionBy cost center, team, agent, and lane — close the books on AI cost.
Burn-rate projection to month-endForecast updates with every authorization, not at month-end.
Audit-ready ledger with itemized receiptsEvery run, every hold, every dollar — reconciled to the cent.

tarmac · finance · period statement

// Statement May 2026 · 11 days remaining

Customer support · agents (4)$48,21026%

Revenue ops · agents (2)$41,86023%

Eng productivity · agents (5)$36,42020%

Data pipelines · agents (3)$31,94017%

Research · agents (2)$25,77014%

Period spend · governed$184,200100%

Projected close

$237,400 of $250K cap

Saved vs PAYG

$42,100 via tier-down

// 04 · The core mechanic

Pin the lane. Move the model. Within the budget, always the heaviest tier that fits.

Each agent's compute lane — an inference-API model family or a fixed GPU type — is set once at onboarding. What Tarmac moves dynamically, per run, is the model tier the agent runs: lighter to protect the budget, heavier when there's room.

One lane per agent.

Onboard-time decision: family, region, fallback. Predictable for security review, simple for compliance, frozen against drift.

revenue-opspriority · P0

XL · heaviest fit

data-pipelinepriority · P1

L · fits the cap

code-refactorpriority · P2

M · throttled

researchpriority · P3

S · floor

// lighter ← model tier → heavierrecalc · every authorization

// 05 · The wedge

Observability sees. Gateways throttle. Only Tarmac enforces.

Adjacent tools exist, and major platforms are moving in — but they cluster into five groups, and the same gap runs through all of them. None enforce a hard cap before spend. None rebalance a fleet by business priority. None produce books that engineering and finance both trust.

3% of what we govern. 1% of what we save. One model. No tiers.

Tarmac never resells compute. The governance fee scales with the spend we protect; the performance fee earns only when we deliver savings. Our incentives point the same direction as yours.

// Governance fee

3%of governed AI compute spend · annual

Minimum · $12,000 / year

A proportion of the spend Tarmac protects — never a flat platform tax. Same rate from your first agent to your thousandth.

Authorization-hold engine · per-run, monthly, yearly caps
Priority-aware fleet rebalancing under budget pressure
Agent Operations Dashboard · live fleet view
Financial Console · statements, exports, audit ledger
Unlimited users · unlimited agents · SOC 2 Type II

// Performance fee

1%of realized savings · quarterly in arrears

Billed only on savings actually delivered

For every run, the gap between what the task would have cost at the heaviest model and what it actually cost. Summed across the fleet, traceable to every receipt.

Tarmac earns more only when it has saved you more
Savings reporting on every receipt, statement and rollup
No charge in any quarter Tarmac doesn't deliver savings
Never a percentage of your cloud bill or provider invoice
Never a markup on compute — Tarmac is not a reseller

Annual price = max($12,000, 3% × governed spend) + 1% × realized savings. · Compute runs in your own accounts. · See worked examples & estimator →

// 07 · Built for the security review

Proxy-first. Fail-closed. An in-path vendor is only a vendor if the CISO signs off — so we built for the review.

01 / Proxy-first integration

No long-lived customer credentials.

Tarmac sits in the request path as a proxy with short-lived, scoped tokens issued per workspace. No standing read on your model provider account. No keys at rest in our control plane.

scoped-tokens · per-workspace

02 / Fail-closed by default

If Tarmac can't authorize, the run doesn't happen.

The ledger is the system of record. When the budget engine is unhealthy, the proxy refuses to admit rather than letting a run leak through. Budget breach is a designed-against, tested property.

concurrency-invariant · CI gate

03 / SOC 2 from day one

Type I in Q2. Type II observation window opens Q3.

GRC platform live before the first design partner. Annual third-party penetration tests, a public trust center, and SOC 2 Type II on the calendar before the first enterprise opportunity — not after.

SOC 2 · vCISO · pentest · trust center

// Compliance roadmap

✓ GRC platform live SOC 2 Type I · Q2 2026 SOC 2 Type II · Q4 2026 First pen test · Q2 2026 ISO/IEC 27001 · 2028

// 09 · FAQ

What is Tarmac, in one sentence?
A financial control plane that sits between your AI agents and the compute they consume, enforces your spend rules — per-run, monthly, and yearly caps — as hard limits before money is spent, and produces one reconciled ledger that engineering and finance both trust.
How is this different from an LLM gateway?
Gateways throttle and alert. Tarmac enforces. Every run goes through an atomic authorization hold against your real budget; an over-cap run is either throttled to a lighter tier or held entirely. Gateways are built for developers — Tarmac is built for the platform leader and the CFO at the same time, with finance-grade books that gateways don't pretend to produce.
"Authorization hold" — what does that actually mean?
Modeled on a card network. Before a run is admitted, Tarmac places a hold on the remaining budget for the maximum dollar amount that run could spend. When the run settles, the hold is released and the actual cost is captured. Concurrency-safe by design — there is no path where two runs simultaneously consume the same dollar, and there is no path where a run is admitted unless it provably fits.
What's the "pin the lane, move the model" idea?
Each agent's compute lane — an inference-API model family (e.g. Claude, GPT, Gemini) or a fixed GPU type — is set once at onboarding. It's the security-and-compliance-relevant decision and we keep it frozen. What Tarmac changes dynamically, on every run, is the model tier the agent gets: lighter when the budget is tight or the agent is low-priority, heavier when there's room.
Do you sit in the request path?
Yes — proxy-first. Tarmac receives the agent's request, authorizes it against the budget, and forwards it to the model or GPU provider on your behalf using a short-lived scoped token. We do not hold long-lived customer credentials. If our budget engine is unhealthy we fail closed: no admit, no spend.
What does Tarmac never see?
We never see your weights or your customer data at rest — we proxy individual requests and keep the metadata needed to bill and authorize. Storage of prompt and completion content is opt-in per workspace; the default is metadata-only. Your model provider keeps the content path.
How does pricing work, really?
3% of the AI compute spend Tarmac governs (with a $12,000 annual minimum), plus 1% of the savings Tarmac actually realizes for you. One model — no tiers, no per-seat fees, no markup on compute. The governance fee bills annually; the performance fee is reconciled quarterly in arrears. In any quarter Tarmac doesn't deliver savings, the performance fee is zero.
How long does an integration take?
Design partners are typically in production on one team's fleet within two weeks of the security review clearing — usually one engineering afternoon to point traffic at the proxy, a few hours to encode budgets and agent tiers, and a brief reconciliation cycle for the first statement.
What's the SOC 2 status?
GRC platform is live. SOC 2 Type I is on the Q2 2026 calendar; Type II observation window opens in Q3. We run a public trust center and commission an annual third-party penetration test. ISO/IEC 27001 is on the 2028 roadmap.
When does the MVP land?
Phase 1 product (admit-to-settle, Agent Operations Dashboard, receipts) ships in Month 7. The Financial Console (statements, attribution, projection) follows in Months 10–12. Design partners are admitted in order from the waitlist; the first two are already in.